Smart passport security loophole criticised

Recent reports about the ability to clone identity information held in new UK passports have been confirmed by leader of New Zealand's e-passport project.

Share

Recent reports about the ability to clone identity information held in new UK passports have been confirmed by leader of New Zealand's e-passport project.

The New Zealand Department of Internal Affairs (DIA) said there isn’t enough data stored on radio frequency ID (RFID) cards within its similarly styled passports’ chips to create counterfeit travel documents.

The UK government faced demands to recall 3m micro-chipped biometric passports earlier this month after it was revealed they could be electronically attacked and cloned with a £174 microchip reader.

DIA passport manager David Philp confirms that it is possible to access the RFID information and use it to make a clone. But the RFID chip in the e-passports currently issued in New Zealand is just one security feature out of more than 50 contained in the passport.

Having just a cloned chip isn’t sufficient to create a counterfeit passport, said Philp. He added that while New Zealand passports are “highly desirable," the DIA has seen very few credible counterfeited ones, he says.

While the general design goal of the e-passport is to lock the holder’s identity to the document in a secure manner, Philp said that there has to be a balance between risk management and customer service.

The passport has to be readable around the world in a reasonable amount of time and ideally in more situations than just immigration.

Philp gave airport check-ins as one example of where RFID-equipped passports should be readable.

Making the e-passport harder to read is possible, said Philp, but it would make immigration processing take longer and inconvenience people.

Researcher Peter Gutmann at the University of Auckland’s department of Computer Science was sceptical that the RFID chip provides any real security benefit. In fact, Gutmann went further and said in his technical background paper “Why biometrics is not a panacea”, that RFIDs in passports “are a disaster waiting to happen”.